Commit c1ed833e authored by David S. Miller's avatar David S. Miller

Merge branch 'smc-fixes'



D. Wythe says

====================
bugfixes for smc

This patch series includes the following bugfixes:

1. hung state
2. sock leak
3. potential panic

We have been testing these patches for some time, but
if you have any questions, please let us know.

--
v1:
Fix spelling errors and incorrect function names in descriptions

v2->v1:
Add fix tags for bugfix patch
====================

Reviewed-by: default avatarWenjia Zhang <wenjia@linux.ibm.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents d93f9528 aa96fbd6
+2 −2
@@ -275,7 +275,7 @@ static int __smc_release(struct smc_sock *smc)

	if (!smc->use_fallback) {
		rc = smc_close_active(smc);
		sock_set_flag(sk, SOCK_DEAD);
		smc_sock_set_flag(sk, SOCK_DEAD);
		sk->sk_shutdown |= SHUTDOWN_MASK;
	} else {
		if (sk->sk_state != SMC_CLOSED) {
@@ -1743,7 +1743,7 @@ static int smc_clcsock_accept(struct smc_sock *lsmc, struct smc_sock **new_smc)
		if (new_clcsock)
			sock_release(new_clcsock);
		new_sk->sk_state = SMC_CLOSED;
		sock_set_flag(new_sk, SOCK_DEAD);
		smc_sock_set_flag(new_sk, SOCK_DEAD);
		sock_put(new_sk); /* final */
		*new_smc = NULL;
		goto out;
+5 −0
@@ -377,4 +377,9 @@ int smc_nl_dump_hs_limitation(struct sk_buff *skb, struct netlink_callback *cb);
int smc_nl_enable_hs_limitation(struct sk_buff *skb, struct genl_info *info);
int smc_nl_disable_hs_limitation(struct sk_buff *skb, struct genl_info *info);

static inline void smc_sock_set_flag(struct sock *sk, enum sock_flags flag)
{
	set_bit(flag, &sk->sk_flags);
}

#endif	/* __SMC_H */
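Review bot: smc_sock_set_flag() has no comment saying why it exists next to sock_set_flag(), and the reason is not obvious from `set_bit(flag, &sk->sk_flags);` alone. As far as I know sock_set_flag() uses the non-atomic `__set_bit()`, so the helper presumably exists because these flags are updated from contexts that do not all hold the same lock; a comment such as `/* atomic variant of sock_set_flag(): sk_flags may be updated concurrently on SMC sockets */` would record that. Only the set side is wrapped: any remaining sock_set_flag() or sock_reset_flag() on an SMC socket is still a plain read-modify-write of the same word and can overwrite a bit set here. It is worth checking that no such caller can run concurrently with the converted call sites in __smc_release(), smc_clcsock_accept(), smc_cdc_msg_recv_action() and smc_close_active_abort().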
+5 −6
@@ -28,13 +28,15 @@ static void smc_cdc_tx_handler(struct smc_wr_tx_pend_priv *pnd_snd,
{
	struct smc_cdc_tx_pend *cdcpend = (struct smc_cdc_tx_pend *)pnd_snd;
	struct smc_connection *conn = cdcpend->conn;
	struct smc_buf_desc *sndbuf_desc;
	struct smc_sock *smc;
	int diff;

	sndbuf_desc = conn->sndbuf_desc;
	smc = container_of(conn, struct smc_sock, conn);
	bh_lock_sock(&smc->sk);
	if (!wc_status) {
		diff = smc_curs_diff(cdcpend->conn->sndbuf_desc->len,
	if (!wc_status && sndbuf_desc) {
		diff = smc_curs_diff(sndbuf_desc->len,
				     &cdcpend->conn->tx_curs_fin,
				     &cdcpend->cursor);
		/* sndbuf_space is decreased in smc_sendmsg */
@@ -114,9 +116,6 @@ int smc_cdc_msg_send(struct smc_connection *conn,
	union smc_host_cursor cfed;
	int rc;

	if (unlikely(!READ_ONCE(conn->sndbuf_desc)))
		return -ENOBUFS;

	smc_cdc_add_pending_send(conn, pend);

	conn->tx_cdc_seq++;
@@ -385,7 +384,7 @@ static void smc_cdc_msg_recv_action(struct smc_sock *smc,
		smc->sk.sk_shutdown |= RCV_SHUTDOWN;
		if (smc->clcsock && smc->clcsock->sk)
			smc->clcsock->sk->sk_shutdown |= RCV_SHUTDOWN;
		sock_set_flag(&smc->sk, SOCK_DONE);
		smc_sock_set_flag(&smc->sk, SOCK_DONE);
		sock_hold(&smc->sk); /* sock_put in close_work */
		if (!queue_work(smc_close_wq, &conn->close_work))
			sock_put(&smc->sk);
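Review bot: In smc_cdc_tx_handler() the new `sndbuf_desc = conn->sndbuf_desc;` is a plain load taken before `bh_lock_sock(&smc->sk)`, while the check this commit removes from smc_cdc_msg_send() read the same field with READ_ONCE(). If the field can be cleared concurrently, which the new NULL test suggests, the snapshot should be `sndbuf_desc = READ_ONCE(conn->sndbuf_desc);`, and a short comment should say what keeps the descriptor alive until `sndbuf_desc->len` is read. The arguments that follow still go through `cdcpend->conn` for `tx_curs_fin` although `conn` is already a local, which makes the mixed access harder to audit. With the -ENOBUFS return gone from smc_cdc_msg_send(), it should also be confirmed that nothing later on the send path dereferences conn->sndbuf_desc unchecked; both function bodies continue outside the hunks shown.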
+3 −2
@@ -116,7 +116,8 @@ static void smc_close_cancel_work(struct smc_sock *smc)
	struct sock *sk = &smc->sk;

	release_sock(sk);
	cancel_work_sync(&smc->conn.close_work);
	if (cancel_work_sync(&smc->conn.close_work))
		sock_put(sk);
	cancel_delayed_work_sync(&smc->conn.tx_work);
	lock_sock(sk);
}
@@ -173,7 +174,7 @@ void smc_close_active_abort(struct smc_sock *smc)
		break;
	}

	sock_set_flag(sk, SOCK_DEAD);
	smc_sock_set_flag(sk, SOCK_DEAD);
	sk->sk_state_change(sk);

	if (release_clcsock) {
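Review bot: The new `sock_put(sk)` in smc_close_cancel_work() is undocumented, and it runs between `release_sock(sk)` and `lock_sock(sk)`, so it is only safe if the caller holds its own reference on the socket. It appears to balance the `sock_hold(&smc->sk); /* sock_put in close_work */` taken where close_work is queued, for the case where cancel_work_sync() removes the work before it runs. A comment at the call, e.g. `/* work was pending and will not run: drop the ref taken when it was queued; caller holds its own */`, would make the pairing and the lifetime assumption explicit. The callers are not visible on this page, so that assumption should be checked against them.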